From ca1ae6ba2cb787432e85ef7d0f8ee825760a2f51 Mon Sep 17 00:00:00 2001 From: xisi Date: Sun, 2 Feb 2014 11:57:06 -0500 Subject: [PATCH] wrapped KLogger --- public/include/autoloader.inc.php | 4 +- public/include/classes/invitation.class.php | 3 + public/include/classes/logger.class.php | 29 +++++ public/include/classes/notification.class.php | 4 +- public/include/classes/payout.class.php | 8 +- public/include/classes/user.class.php | 118 ++++++------------ public/include/config/security.inc.dist.php | 1 + public/include/pages/account/edit.inc.php | 4 +- public/include/pages/admin/settings.inc.php | 4 +- public/index.php | 4 +- 10 files changed, 78 insertions(+), 101 deletions(-) create mode 100644 public/include/classes/logger.class.php diff --git a/public/include/autoloader.inc.php b/public/include/autoloader.inc.php index 888fca18..65a3c808 100644 --- a/public/include/autoloader.inc.php +++ b/public/include/autoloader.inc.php @@ -12,9 +12,7 @@ if (empty($config['algorithm']) || $config['algorithm'] == 'scrypt') { // Default classes require_once(CLASS_DIR . '/debug.class.php'); require_once(INCLUDE_DIR . '/lib/KLogger.php'); -if ($config['logging']['enabled']) { - $log = new KLogger($config['logging']['path']."/".$config['logging']['file'], $config['logging']['level']); -} +require_once(CLASS_DIR . '/logger.class.php'); if ($config['mysql_filter']) { require_once(CLASS_DIR . '/strict.class.php'); } diff --git a/public/include/classes/invitation.class.php b/public/include/classes/invitation.class.php index 7acbf2ac..dfa0fe93 100644 --- a/public/include/classes/invitation.class.php +++ b/public/include/classes/invitation.class.php 
@@ -114,12 +114,14 @@ class Invitation extends Base { } $aData['username'] = $this->user->getUserName($account_id); $aData['subject'] = 'Pending Invitation'; + $this->log->log("info", $this->user->getUserName($account_id)." sent an invitation from [".$_SERVER['REMOTE_ADDR']."]"); if ($this->mail->sendMail('invitations/body', $aData)) { $aToken = $this->token->getToken($aData['token'], 'invitation'); if (!$this->createInvitation($account_id, $aData['email'], $aToken['id'])) return false; return true; } else { + $this->log->log("warn", $this->user->getUserName($account_id)." sent an invitation but the mailing failed from [".$_SERVER['REMOTE_ADDR']."]"); $this->setErrorMessage($this->getErrorMsg('E0028')); } $this->setErrorMessage($this->getErrorMsg('E0029')); @@ -130,6 +132,7 @@ class Invitation extends Base { // Instantiate class $invitation = new invitation(); $invitation->setDebug($debug); +$invitation->setLog($log); $invitation->setMysql($mysqli); $invitation->setMail($mail); $invitation->setUser($user); diff --git a/public/include/classes/logger.class.php b/public/include/classes/logger.class.php new file mode 100644 index 00000000..84de7244 --- /dev/null +++ b/public/include/classes/logger.class.php @@ -0,0 +1,29 @@ + 0) { + $this->KLogger = new KLogger($config['logging']['path']."/".$config['logging']['file'], $config['logging']['level']); + $this->logging = true; + } + } + public function log($type, $message) { + if ($this->logging) { + switch ($type) { + case 'info': + $this->KLogger->LogInfo($message); + break; + case 'warn': + $this->KLogger->LogWarn($message); + break; + } + return true; + } else { + return true; + } + } +} +$log = new Logger($config); +?> \ No newline at end of file diff --git a/public/include/classes/notification.class.php b/public/include/classes/notification.class.php index 16817d65..d66dd4ec 100644 --- a/public/include/classes/notification.class.php +++ b/public/include/classes/notification.class.php 
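Review bot: The added `info` entry in the invitation hunk states that the user "sent an invitation" before `$this->mail->sendMail()` has run, so a failed send leaves both a success-sounding entry and the new `warn` entry for a single event. Moving the `info` call inside the `if ($this->mail->sendMail(...))` branch, after `createInvitation()` has succeeded, keeps the trail accurate. The `$strType` token hunk in `user.class.php` (`@@ -353,22 +331,16 @@`) writes "was sent a $strType token" ahead of `sendMail()` in the same way. The enclosing method starts and ends outside the hunk.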
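Review bot: `Logger::log()` has no `default` branch in its `switch ($type)`, so any level other than `'info'` or `'warn'` (a typo, or a later `'error'`) is dropped silently while the method still returns `true`. A fallback such as `default: $this->KLogger->LogWarn("[unknown level] ".$message); break;` keeps a security event from being lost to a misspelt level. Every message passes through this method, which also makes it the natural place to neutralise line breaks in caller-supplied text. The first lines of this new file did not survive on the page, so the constructor's condition cannot be reviewed here.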
@@ -120,9 +120,7 @@ class Notification extends Mail { $this->setErrorMessage($this->getErrorMsg('E0047', $failed)); return $this->sqlError(); } - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo("User $account_id updated notification settings from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", "User $account_id updated notification settings from [".$_SERVER['REMOTE_ADDR']."]"); return true; } diff --git a/public/include/classes/payout.class.php b/public/include/classes/payout.class.php index 0a7c3b34..03fc0667 100644 --- a/public/include/classes/payout.class.php +++ b/public/include/classes/payout.class.php @@ -45,16 +45,12 @@ class Payout Extends Base { if ($delete) { return true; } else { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo("User $account_id requested manual payout but the token deletion failed from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", "User $account_id requested manual payout but the token deletion failed from [".$_SERVER['REMOTE_ADDR']."]"); $this->setErrorMessage('Unable to delete token'); return false; } } else { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo("User $account_id requested manual payout using an invalid token from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", "User $account_id requested manual payout using an invalid token from [".$_SERVER['REMOTE_ADDR']."]"); $this->setErrorMessage('Invalid token'); return false; } diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php index 70325e16..e0a84682 100644 --- a/public/include/classes/user.class.php +++ b/public/include/classes/user.class.php 
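Review bot: The payout hunk records a manual payout requested with an invalid token at `"info"`, while the invalid change-password and account-update token entries in `user.class.php` use `"warn"`. A rejected token on a payout request deserves at least the same severity, and an `info` entry is presumably the first to be filtered out when the configured level is tightened; changing the first argument to `"warn"` on that line would make the three consistent. The `index.php` hunk has the same mismatch: its `[hijack attempt?]` session-regeneration entry is logged at `"info"`, whereas `isAuthenticated()` uses `"warn"` for the same suspicion.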
@@ -69,23 +69,17 @@ class User extends Base { } public function changeNoFee($id) { $field = array('name' => 'no_fees', 'type' => 'i', 'value' => !$this->isNoFee($id)); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($id)." changed no_fees to ".$this->isNoFee($id)." from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($id)." changed no_fees to ".$this->isNoFee($id)." from [".$_SERVER['REMOTE_ADDR']."]"); return $this->updateSingle($id, $field); } public function setLocked($id, $value) { $field = array('name' => 'is_locked', 'type' => 'i', 'value' => $value); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($id)." changed is_locked to $value from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($id)." changed is_locked to $value from [".$_SERVER['REMOTE_ADDR']."]"); return $this->updateSingle($id, $field); } public function changeAdmin($id) { $field = array('name' => 'is_admin', 'type' => 'i', 'value' => !$this->isAdmin($id)); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($id)." changed is_admin to ".$this->isAdmin($id)." from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($id)." changed is_admin to ".$this->isAdmin($id)." from [".$_SERVER['REMOTE_ADDR']."]"); return $this->updateSingle($id, $field); } public function setUserFailed($id, $value) { 
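Review bot: In `changeNoFee()` and `changeAdmin()` the `warn` entry is built from `$this->isNoFee($id)` / `$this->isAdmin($id)` before `updateSingle()` runs, so it records the old value as the one "changed to", and a PHP `false` concatenates as an empty string. The entry also names `getUserName($id)`, which is the account being modified rather than whoever made the change, so a privilege grant reads as if the target performed it on themselves. Compute the new value once, e.g. `$new = (int) !$this->isAdmin($id);`, use it in the message, and write the entry only after `updateSingle()` has returned true; if the acting account is available here (other pages in this patch read `$_SESSION['USERDATA']['username']`), include it alongside the target. `setLocked()` has the same actor/target ambiguity.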
@@ -154,10 +148,8 @@ class User extends Base { $lastLoginTime = $this->getLastLogin($uid); $this->updateLoginTimestamp($uid); $getIPAddress = $this->getUserIp($uid); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - if ($getIPAddress !== $_SERVER['REMOTE_ADDR']) { - $this->log->LogWarn("$username has logged in with a different IP [".$_SERVER['REMOTE_ADDR']."] saved is [$getIPAddress]"); - } + if ($getIPAddress !== $_SERVER['REMOTE_ADDR']) { + $this->log->log("warn", "$username has logged in with a different IP [".$_SERVER['REMOTE_ADDR']."] saved is [$getIPAddress]"); } $setIPAddress = $this->setUserIp($uid, $_SERVER['REMOTE_ADDR']); $this->createSession($username, $getIPAddress, $lastLoginTime); @@ -186,17 +178,13 @@ class User extends Base { } } $this->setErrorMessage("Invalid username or password"); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo("$username failed login from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", "$username failed login from [".$_SERVER['REMOTE_ADDR']."]"); if ($id = $this->getUserId($username)) { $this->incUserFailed($id); // Check if this account should be locked if (isset($this->config['maxfailed']['login']) && $this->getUserFailed($id) >= $this->config['maxfailed']['login']) { $this->setLocked($id, 1); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn("$username locked via failed logins from [".$_SERVER['REMOTE_ADDR']."] saved is [".$this->getUserIp($this->getUserId($username))."]"); - } + $this->log->log("warn", "$username locked via failed logins from [".$_SERVER['REMOTE_ADDR']."] saved is [".$this->getUserIp($this->getUserId($username))."]"); if ($token = $this->token->createToken('account_unlock', $id)) { $aData['token'] = $token; $aData['username'] = $username; 
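Review bot: The `"$username failed login"` entry in the second hunk writes the submitted login name into the log as-is, and at this point it has not matched any account, so it appears to be raw request input. A value containing a line break would make one request look like several log entries, which undermines the file as evidence during an investigation. Replace control characters before logging, for example `preg_replace('/[\x00-\x1F\x7F]/', '?', $username)`, ideally once inside `Logger::log()` so every caller is covered; the password-reset hunk (`@@ -869,12 +830,10 @@`) logs `$username` the same way. The enclosing method starts and ends outside the hunk.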
@@ -225,16 +213,12 @@ class User extends Base { $this->setUserPinFailed($userId, 0); return ($pin_hash === $row_pin); } - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo($this->getUserName($userId)." incorrect pin from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", $this->getUserName($userId)." incorrect pin from [".$_SERVER['REMOTE_ADDR']."]"); $this->incUserPinFailed($userId); // Check if this account should be locked if (isset($this->config['maxfailed']['pin']) && $this->getUserPinFailed($userId) >= $this->config['maxfailed']['pin']) { $this->setLocked($userId, 1); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userId)." was locked via incorrect pins from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($userId)." was locked via incorrect pins from [".$_SERVER['REMOTE_ADDR']."]"); if ($token = $this->token->createToken('account_unlock', $userId)) { $username = $this->getUserName($userId); $aData['token'] = $token; 
@@ -263,22 +247,16 @@ class User extends Base { if ($this->checkStmt($stmt) && $stmt->bind_param('sis', $newpin, $userID, $current) && $stmt->execute()) { if ($stmt->errno == 0 && $stmt->affected_rows === 1) { if ($this->mail->sendMail('pin/reset', $aData)) { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo($this->getUserName($userID)." was sent a pin reset from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", $this->getUserName($userID)." was sent a pin reset from [".$_SERVER['REMOTE_ADDR']."]"); return true; } else { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userID)." request a pin reset but the mailing failed from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($userID)." request a pin reset but the mailing failed from [".$_SERVER['REMOTE_ADDR']."]"); $this->setErrorMessage('Unable to send mail to your address'); return false; } } } - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userID)." incorrect pin reset attempt from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($userID)." incorrect pin reset attempt from [".$_SERVER['REMOTE_ADDR']."]"); $this->setErrorMessage( 'Unable to generate PIN, current password incorrect?' ); return false; } 
@@ -353,22 +331,16 @@ class User extends Base { default: $aData['subject'] = ''; } - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo($this->getUserName($userID)." was sent a $strType token from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", $this->getUserName($userID)." was sent a $strType token from [".$_SERVER['REMOTE_ADDR']."]"); if ($this->mail->sendMail('notifications/'.$strType, $aData)) { return true; } else { $this->setErrorMessage('Failed to send the notification'); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userID)." requested a $strType token but the mailing failed from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($userID)." requested a $strType token but the mailing failed from [".$_SERVER['REMOTE_ADDR']."]"); return false; } } - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userID)." attempted to request multiple $strType tokens from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($userID)." attempted to request multiple $strType tokens from [".$_SERVER['REMOTE_ADDR']."]"); $this->setErrorMessage('A request has already been sent to your e-mail address. Please wait an hour for it to expire.'); return false; } 
@@ -398,21 +370,15 @@ class User extends Base { $tValid = $this->token->isTokenValid($userID, $strToken, 6); if ($tValid) { if ($this->token->deleteToken($strToken)) { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo($this->getUserName($userID)." deleted change password token from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", $this->getUserName($userID)." deleted change password token from [".$_SERVER['REMOTE_ADDR']."]"); // token deleted, continue } else { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userID)." change password token failed to delete from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($userID)." change password token failed to delete from [".$_SERVER['REMOTE_ADDR']."]"); $this->setErrorMessage('Token deletion failed'); return false; } } else { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userID)." attempted to use an invalid change password token from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($userID)." attempted to use an invalid change password token from [".$_SERVER['REMOTE_ADDR']."]"); $this->setErrorMessage('Invalid token'); return false; } 
@@ -422,16 +388,14 @@ class User extends Base { $stmt->bind_param('sis', $new, $userID, $current); $stmt->execute(); if ($stmt->errno == 0 && $stmt->affected_rows === 1) { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo($this->getUserName($userID)." updated password from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", $this->getUserName($userID)." updated password from [".$_SERVER['REMOTE_ADDR']."]"); return true; } $stmt->close(); } - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userID)." incorrect password update attempt from [".$_SERVER['REMOTE_ADDR']."]"); - } + + $this->log->log("warn", $this->getUserName($userID)." incorrect password update attempt from [".$_SERVER['REMOTE_ADDR']."]"); + $this->setErrorMessage( 'Unable to update password, current password wrong?' ); return false; } 
@@ -501,21 +465,15 @@ class User extends Base { $tValid = $this->token->isTokenValid($userID, $strToken, 5); if ($tValid) { if ($this->token->deleteToken($strToken)) { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo($this->getUserName($userID)." deleted account update token for [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", $this->getUserName($userID)." deleted account update token for [".$_SERVER['REMOTE_ADDR']."]"); } else { $this->setErrorMessage('Token deletion failed'); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userID)." updated their account details but token deletion failed from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($userID)." updated their account details but token deletion failed from [".$_SERVER['REMOTE_ADDR']."]"); return false; } } else { $this->setErrorMessage('Invalid token'); - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn($this->getUserName($userID)." attempted to use an invalid token account update token from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", $this->getUserName($userID)." attempted to use an invalid token account update token from [".$_SERVER['REMOTE_ADDR']."]"); return false; } } 
@@ -523,9 +481,7 @@ class User extends Base { // We passed all validation checks so update the account $stmt = $this->mysqli->prepare("UPDATE $this->table SET coin_address = ?, ap_threshold = ?, donate_percent = ?, email = ?, is_anonymous = ? WHERE id = ?"); if ($this->checkStmt($stmt) && $stmt->bind_param('sddsii', $address, $threshold, $donate, $email, $is_anonymous, $userID) && $stmt->execute()) { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogInfo($this->getUserName($userID)." updated their account details from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("info", $this->getUserName($userID)." updated their account details from [".$_SERVER['REMOTE_ADDR']."]"); return true; } // Catchall @@ -587,6 +543,9 @@ class User extends Base { $_SESSION['AUTHENTICATED'] = '1'; // $this->user from checkUserPassword $_SESSION['USERDATA'] = $this->user; + if ($this->config['protect_session_state']) { + $_SESSION['STATE'] = md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].$_SERVER['HTTP_USER_AGENT']); + } } /** @@ -741,6 +700,7 @@ class User extends Base { $invitation = new Invitation(); $invitation->setMysql($this->mysqli); $invitation->setDebug($this->debug); + $invitation->setLog($this->log); $invitation->setUser($this); $invitation->setConfig($this->config); if (!$invitation->setActivated($aToken['id'])) { @@ -749,6 +709,7 @@ class User extends Base { } if (!$this->token->deleteToken($strToken)) { $this->setErrorMessage('Unable to remove used token'); + $this->log->log("warn", "$username tried to register but the token failed to delete [".$_SERVER['REMOTE_ADDR']."]"); return false; } } 
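Review bot: The new `$_SESSION['STATE']` assignment (hunk `@@ -587,6 +543,9 @@`) reads `$_SERVER['HTTP_USER_AGENT']` and `$this->config['protect_session_state']` without checking that either exists. User-Agent is an optional request header, and an installation whose `security.inc.php` was not refreshed from the `.dist` file will lack the new key, so both can raise undefined-index notices; `!empty($this->config['protect_session_state'])` and `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''` avoid that. Because the username and id are taken from the session itself, the only request-bound input is the User-Agent string, so the check pins the browser string and nothing more; a comment saying so would keep readers from overestimating it. The same expression is repeated in `isAuthenticated()`, and a small private helper would keep the two from drifting apart.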
@@ -869,12 +830,10 @@ class User extends Base { } $aData['username'] = $this->getUserName($this->getUserId($username, true)); $aData['subject'] = 'Password Reset Request'; - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - if ($_SERVER['REMOTE_ADDR'] !== $this->getUserIp($this->getUserId($username, true))) { - $this->log->LogWarn("$username requested password reset from [".$_SERVER['REMOTE_ADDR']."] saved is [".$this->getUserIp($this->getUserId($username, true))."]"); - } else { - $this->log->LogInfo("$username requested password reset from [".$_SERVER['REMOTE_ADDR']."] saved is [".$this->getUserIp($this->getUserId($username, true))."]"); - } + if ($_SERVER['REMOTE_ADDR'] !== $this->getUserIp($this->getUserId($username, true))) { + $this->log->log("warn", "$username requested password reset from [".$_SERVER['REMOTE_ADDR']."] saved is [".$this->getUserIp($this->getUserId($username, true))."]"); + } else { + $this->log->log("info", "$username requested password reset from [".$_SERVER['REMOTE_ADDR']."] saved is [".$this->getUserIp($this->getUserId($username, true))."]"); } if ($this->mail->sendMail('password/reset', $aData)) { return true; 
@@ -896,12 +855,11 @@ public function isAuthenticated($logout=true) { $this->debug->append("STA " . __METHOD__, 4); if (@$_SESSION['AUTHENTICATED'] == true && !$this->isLocked($_SESSION['USERDATA']['id']) && - $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'] + $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'] && + (!$this->config['protect_session_state'] || ($this->config['protect_session_state'] && $_SESSION['STATE'] == md5($_SESSION['USERDATA']['username'].$_SESSION['USERDATA']['id'].$_SERVER['HTTP_USER_AGENT']))) ) return true; // Catchall - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $this->log->LogWarn("Forcing logout, user is locked or IP changed mid session from [".$_SERVER['REMOTE_ADDR']."]"); - } + $this->log->log("warn", "Forcing logout, user is locked or IP changed mid session from [".$_SERVER['REMOTE_ADDR']."] [hijack attempt?]"); if ($logout == true) $this->logoutUser(); return false; } diff --git a/public/include/config/security.inc.dist.php b/public/include/config/security.inc.dist.php index b0d33a08..6c98eb09 100644 --- a/public/include/config/security.inc.dist.php +++ b/public/include/config/security.inc.dist.php @@ -8,6 +8,7 @@ $defflip = (!cfip()) ? exit(header('HTTP/1.1 401 Unauthorized')) : 1; **/ $config['https_only'] = false; $config['mysql_filter'] = true; +$config['protect_session_state'] = false; /** * Logging diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php index 4e59bea4..23b4888e 100644 --- a/public/include/pages/account/edit.inc.php +++ b/public/include/pages/account/edit.inc.php 
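Review bot: The added `STATE` check compares two MD5 hex strings with `==`, which PHP evaluates numerically when both sides look like numbers (strings of the form `0e` followed only by digits), so distinct digests can compare equal; use `===`, or `hash_equals()` where the PHP version provides it. `$_SESSION['STATE']` is also read without `isset()`, so a session created before `protect_session_state` was switched on raises a notice and is logged out. The catch-all message still says "user is locked or IP changed" although a state mismatch now lands there too, which will mislead whoever triages the entry. The inner `$this->config['protect_session_state'] &&` is redundant after the `!$this->config['protect_session_state'] ||` on the same line.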
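Review bot: `$config['protect_session_state']` is added to `security.inc.dist.php` without any description, while the neighbouring sections of the file carry `/** … */` blocks. Add a short comment stating that the option ties a session to the User-Agent header seen at login, that it defaults to `false`, and that, as the code in `isAuthenticated()` reads, sessions created before it is enabled will be logged out on their next request.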
@@ -99,9 +99,7 @@ if ($user->isAuthenticated()) { } else { $aBalance = $transaction->getBalance($_SESSION['USERDATA']['id']); $dBalance = $aBalance['confirmed']; - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $user->log->LogInfo($_SESSION['USERDATA']['username']." requesting manual payout from [".$_SERVER['REMOTE_ADDR']."]"); - } + $user->log->log("info", $_SESSION['USERDATA']['username']." requesting manual payout from [".$_SERVER['REMOTE_ADDR']."]"); if ($dBalance > $config['txfee_manual']) { if (!$oPayout->isPayoutActive($_SESSION['USERDATA']['id'])) { if (!$config['csrf']['enabled'] || $config['csrf']['enabled'] && $csrftoken->valid) { diff --git a/public/include/pages/admin/settings.inc.php b/public/include/pages/admin/settings.inc.php index cd9a5230..4e02af22 100644 --- a/public/include/pages/admin/settings.inc.php +++ b/public/include/pages/admin/settings.inc.php @@ -8,9 +8,7 @@ if (!$user->isAuthenticated() || !$user->isAdmin($_SESSION['USERDATA']['id'])) { } if (@$_REQUEST['do'] == 'save' && !empty($_REQUEST['data'])) { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $user->log->LogWarn($_SESSION['USERDATA']['username']." changed admin settings from [".$_SERVER['REMOTE_ADDR']."]"); - } + $user->log->log("warn", @$_SESSION['USERDATA']['username']." changed admin settings from [".$_SERVER['REMOTE_ADDR']."]"); foreach($_REQUEST['data'] as $var => $value) { $setting->setValue($var, $value); } diff --git a/public/index.php b/public/index.php index df800d64..5003efd8 100644 --- a/public/index.php +++ b/public/index.php 
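Review bot: In the `settings.inc.php` hunk the new `warn` entry prefixes `$_SESSION['USERDATA']['username']` with `@`, although the guard shown in the hunk header has already required `isAuthenticated()` and `isAdmin()` before this line (its body is outside the hunk, so this is presumed to stop the request). The suppression would only mask a broken session and leave an entry with an empty actor, so drop the `@`. The entry is also written before the `foreach` that applies the values and does not say which settings were touched; logging after the loop with the affected setting names, with control characters removed since they come from `$_REQUEST['data']`, would make it usable as an audit record.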
@@ -59,9 +59,7 @@ if ($config['memcache']['enabled'] && $config['mc_antidos']['enabled']) { $session_start = @session_start(); session_set_cookie_params(time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']); if (!$session_start) { - if ($this->config['logging']['enabled'] && $this->config['logging']['level'] > 0) { - $log->LogInfo("Forcing session id regeneration for ".$_SERVER['REMOTE_ADDR']." [hijack attempt?]"); - } + $log->log("info", "Forcing session id regeneration for ".$_SERVER['REMOTE_ADDR']." [hijack attempt?]"); session_destroy(); session_regenerate_id(true); session_start();